Saturday, October 09, 2021

Meanwhile, what guidance are they following?

https://www.databreaches.net/k-12-cybersecurity-act-signed-into-law/

K–12 Cybersecurity Act Signed into Law

David Nagel reports:

On Friday, Oct. 8, President Biden signed the K–12 Cybersecurity Act of 2021 into law. The act comes in response to growing data security incidents impacting K–12 schools in recent years, including a dramatic rise in ransomware and other forms of malware.
On its own, the legislation is fairly simple: It authorizes the director of the Cybersecurity and Infrastructure Security Agency (CISA) to conduct a study within 120 days of the specific risks impacting K–12 institutions. Following that, the director will develop, within 60 days, recommendations for cybersecurity guidelines for K–12 schools, based on the results of the study. And following that, within 120 days, will create an online training toolkit for “officials” at K–12 schools.

Read more on The Journal.



...and from these three, success?

https://www.weforum.org/agenda/2021/10/3-predictions-about-the-future-of-responsible-technology/

3 predictions for the future of responsible technology

Over the past two years, the World Economic Forum – working in close collaboration with a diverse group of experts – has been working on advancing the field of ethics in technology. This project, titled Responsible Use of Technology, began when more than 40 leaders from government, civil society, and business, some with competing agendas, met in The Centre for the Fourth Industrial Revolution in San Francisco. This group agreed on the important goal of providing tools and techniques that leaders can use to operationalize ethics during the lifecycle of technology.

This multi-stakeholder project community has made the case for both human-rights-based and ethics-based approaches to the responsible use of technology, promoted the use of behavioural economics principles in organizational design to drive more ethical behaviour with technology, and highlighted techniques for responsible technology product innovation. As we move into this project's third year, we have a few predictions about the future of responsible tech that we would like to share.

1. The rise of responsible investing in tech

2. Targeted tech regulations: just the beginning

3. Tech ethics will be mandatory in higher education



Know the players…

https://news.bloomberglaw.com/health-law-and-business/soltani-brings-technical-regulatory-expertise-to-privacy-agency

Soltani Brings Technical, Regulatory Expertise to Privacy Agency

The California Privacy Protection Agency’s new executive director Ashkan Soltani is uniquely poised to tackle enforcement and rulemaking for The Golden State’s landmark privacy laws despite steep time and staff constraints, attorneys and privacy professionals say.



Perspective. I better start mining!

https://fortune.com/2021/10/08/bitcoin-not-gold-is-the-new-inflation-hedge-says-jp-morgan/

Bitcoin—not gold—is the new inflation hedge, says JPMorgan

When it comes to hedges against inflation, Bitcoin is looking more and more like the new gold, according to a note JPMorgan shared with clients Thursday.

Bitcoin has been on a run lately, surpassing $50,000 for the first time in a month, and up 87% year to date. Gold is down 7.3% in the same time span.

Bitcoin has seen large fluctuations this year, but that doesn’t seem to be bothering investors. According to JPMorgan’s Thursday note, “Institutional investors appear to be returning to Bitcoin, perhaps seeing it as a better inflation hedge than gold.”



Perspective. Anything else results in a ‘nothing to lose’ attitude. Who cares if you (the AI) are right or wrong.

https://thenextweb.com/news/codifying-humanity-why-robots-should-fear-death?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheNextWeb+%28The+Next+Web+All+Stories%29

Codifying humanity: Why robots should fear death as much as we do


Friday, October 08, 2021

Ransomware is serious. Will someone cross this line? Probably. (A military response does not always mean guns. They have some hackers too.)

https://www.databreaches.net/netherlands-can-use-intelligence-or-armed-forces-to-respond-to-ransomware-attacks/

Netherlands can use intelligence or armed forces to respond to ransomware attacks

Catalin Cimpanu reports:

The Dutch government said it would use its intelligence or military services to counter cyber-attacks, including ransomware attacks, that threaten its national security.
Answering a parliamentary inquiry into the country’s possible avenues of response to ransomware attacks, Ben Knapen, Dutch Minister of Foreign Affairs, said under normal circumstances, diplomatic avenues take precedence, but the country’s response could be escalated in the case of more severe incidents.

Read more on The Record.


(Related) Most likely target?

https://apnews.com/article/technology-business-china-europe-united-states-e13548edf082992a735a0af1da39b6c8

Microsoft: Russia behind 58% of detected state-backed hacks

Russia accounted for most state-sponsored hacking detected by Microsoft over the past year, with a 58% share, mostly targeting government agencies and think tanks in the United States, followed by Ukraine, Britain and European NATO members, the company said.



Another reason for CSOs to sweat…

https://www.csoonline.com/article/3636509/how-to-stop-data-from-walking-out-the-door-during-the-great-resignation.html#tk.rss_all

How to Stop Data from Walking Out the Door During the Great Resignation

The first six months of 2021 saw unprecedented turnover in the US labor market, after a full year of the COVID-19 pandemic. And with every individual that leaves an organization, a ripple begins – affecting both operations and risk. In an analysis of data-exposure telemetry from devices using Code42 Incydr, the trend is clear: data is leaving organizations – and it’s leaving fast.

Our analysis shows a direct correlation between resignations, departing employees, and exposure events. Turns out, when people leave, so do source code, patent applications, and customer lists.



Helpful resource?

https://www.bespacific.com/face-recognition-technology-commonly-used-terms/

Face Recognition Technology: Commonly Used Terms

EFF: “As face recognition technology evolves at a dizzying speed, new uses and terminologies seem to develop daily. On this page, we attempt to define and disambiguate some of the most commonly used terms. For more information on government use of face recognition and how to end it in your community, visit EFF’s About Face resource page..

See also EFF’s Street Level Surveillance resource site



Is it so difficult to predict negative outcomes? Perhaps China doesn’t care?

https://www.cpomagazine.com/data-privacy/privacy-principles-for-implementing-digital-contact-tracing/

Privacy Principles for Implementing Digital Contact Tracing

The spread of the Delta variant highlights how important it is to quickly respond to public health crises, and that means considering how contact tracing technologies can be implemented without undermining public trust or exacerbating disparities. If crafted properly, digital contact tracing technologies (DCTT) can be a valuable tool to help stem future outbreaks and reduce the time needed to identify potential new cases.

Unfortunately, governments and other organizations have had uneven success deploying DCTT to help track the COVID-19 pandemic. Many national governments and U.S. states have faced challenges convincing individuals to use exposure notification apps due to privacy concerns. At the same time, COVID-19 has exposed longstanding health equity issues, including disparate access to technology and social exclusion of historically disenfranchised people.

Last year, the Chinese government traced an outbreak of COVID-19 infections to predominantly African communities in Guangzhou’s Yuexiu and Baiyun areas. Following government reports that five Nigerians in the area had tested positive for COVID-19, the government evicted members of this community from their homes and refused them hotel service, even though they had no recent travel history or known exposure to COVID-19. Individuals with “African contacts” were directed to self-quarantine and bars and restaurants were told to refuse service to clients who appeared to be African.



Only finance?

https://www.efinancialcareers.com/news/2021/10/quantum-machine-learning-banking

JPMorgan's guide to quantum machine learning in finance

We suggested in January that it might be a good idea to familiarize yourself with quantum computing if you want to maximize your future employability in financial services. A new academic paper from JPMorgan's Future Lab for Applied Research and Engineering helps explain why.

Authored by Marco Pistoia, JPMorgan's head of quantum technology and head of research, plus members of his team, the paper stresses that quantum computing will impact financial services sooner than you think. Goldman Sachs and JPMorgan have both been building teams of quantum researchers and Goldman has already used quantum methods to speed up derivatives pricing by over a thousand times. The finance industry stands to benefit from quantum computing "even in the short term," says JPMorgan.

The researchers note banks and finance firms are already big users of machine learning techniques like reinforcement learning for algorithmic trading, or Natural Language Processing (NLP) for risk assessment, financial forecasting and accounting and auditing. Many of the machine learning techniques using quantum methodologies, but talent remains hard to find. "Demand is high and quantum is still a very rare skill," says one senior banking technologist.



Toward a global government?

https://www.bespacific.com/one-law-to-rule-them-all-the-reach-of-eu-data-protection-law-after-the-google-v-cnil-case/

One Law to Rule Them All? The Reach of EU Data Protection Law after the Google v CNIL Case

Bougiakiotis, Emmanouil, One Law to Rule Them All? The Reach of EU Data Protection Law after the Google v CNIL Case (August 17, 2020). (2021) 42 Computer Law and Security Review 105580, Available at SSRN: https://ssrn.com/abstract=3675660

Ever since the Internet came about, it has set a vast number of challenges regarding how to tackle some of its characteristics that were unprecedented. One of the most prominent areas where technology challenged the established doctrines of the law is that of jurisdiction. As is well-known, the Internet knows no borders, which at times poses difficult questions on states regarding how to exercise jurisdiction and in particular how to pursue their interests without interfering illegitimately with other states. In Google v CNIL, the Court of Justice of the European Union was called to decide whether European data protection law could apply globally and under what conditions. This paper critically assesses this ruling of the Court as well as the repercussions to which it might lead. Beside certain important problems regarding how this judgment sits within the broader body and practice of European data protection law, this paper discusses how it could influence the discussion about sovereignty and the Internet in general.”



Could we do this in the US?

https://www.bespacific.com/latham-trainee-looks-to-challenge-lexisnexis-and-westlaw-with-free-case-law-hub/

Latham trainee looks to challenge LexisNexis and Westlaw with free case law hub

Legal Cheek: “A Latham & Watkins trainee has set up a free to use case law website with the aim of making legal judgments more accessible to students. Will Chen, 25, founded lawprof.co after graduating with a first in law from the University of Oxford last year. He tells Legal Cheek:

“With the spare time I had, I wanted to do something that could help law students amidst the pandemic. During university, I realised that the current modes of transmitting legal knowledge were far from accessible — textbooks were prohibitively expensive and existing online resources were either slow and clunky, or low quality and inaccurate.”

Since he set up the site some months ago Chen says he’s had several thousands of visitors and views, including from countries where pricey textbooks and websites like LexisNexis and WestLaw “might be less easily accessible”. His team members, of which there are currently 12 (and counting), have also volunteered time to translate case notes into other languages. The site so far focuses on the seven core modules that form the basis of a UK qualifying law degree, covering contract, criminal, tort, public, EU, trusts and land law. There are over 1,200 case summaries spanning the LLB syllabus and these outline the key facts of a case, judicial quotes, and commentary…”



Somehow, I doubt these areas were being ignored.

https://www.cbsnews.com/news/cia-creates-new-mission-centers-china-and-technology/

CIA creates new mission centers focused on China and technology

CIA Director William Burns announced a series of organizational changes intended to hone the agency's focus on key national security challenges, including the launch of two new mission centers, one focused on China and another dedicated to transnational and technological threats.

The China Mission Center "will further strengthen our collective work on the most important geopolitical threat we face in the 21st century, an increasingly adversarial Chinese government," Burns said in a statement on Thursday.

The Transnational and Technology Mission Center will focus on foreign technological development alongside issues like climate change and global health, the CIA said in a press release detailing the changes.

Apart from the new mission centers, the agency will also establish a new chief technology officer position and launch a "Technology Fellows" program to bring in specialized talent. It also said that its recruitment and onboarding process would be significantly streamlined. The reorganization is based on four reviews Burns initiated soon after taking office.



Depressing…

https://www.bespacific.com/senate-report-on-president-donald-trumps-efforts-to-overturn-the-2020-election/

Senate report on President Donald Trump’s efforts to overturn the 2020 election

Following 8 Month Investigation, Senate Judiciary Committee Releases Report on Donald Trump’s Scheme to Pressure DOJ & Overturn the 2020 Election – “The report, Subverting Justice – How the Former President and His Allies Pressured DOJ to Overturn the 2020 Election, and testimony reveal that we were only a half-step away from a full blown constitutional crisis as President Donald Trump and his loyalists threatened a wholesale takeover of the Department of Justice (DOJ). They also reveal how former Acting Civil Division Assistant Attorney General Jeffrey Clark became Trump’s Big Lie Lawyer, pressuring his colleagues in DOJ to force an overturn of the 2020 election. The report sheds new light on Trump’s relentless efforts to coopt DOJ into overturning the 2020 election and Clark’s efforts to aid Trump. The Committee’s interim report is the first comprehensive accounting of those efforts, which were even more expansive and troubling than previously reported. Based on findings from the investigation so far, the Committee has asked the D.C. Bar to open an investigation into Jeffrey Clark’s compliance with applicable rules of professional conduct. These rules include Rule 1.2, which prohibits attorneys from assisting or counseling clients in criminal or fraudulent conduct, and Rule 8.4, which among other things prohibits conduct that seriously interferes with the administration of justice. The Committee is withholding potential findings and recommendations about criminal culpability until the investigation is complete….Key takeaways from the Committee’s investigation include:

  • Previously-unreleased transcripts of the Committee’s closed-door interviews with three key former senior DOJ officials: former Acting Attorney General Jeff Rosen, former Acting Deputy Attorney General Richard Donoghue, and former U.S. Attorney BJay Pak. These witnesses cooperated with the Committee, and although their testimony was not under oath, they were obligated by 18 U.S.C. § 1001 to tell the truth.

  • New details of Donald Trump’s relentless, direct pressure on DOJ’s leadership. This includes at least nine calls and meetings with Rosen and/or Donoghue starting the day former Attorney General Bill Barr announced his resignation and continuing almost until the January 6 insurrection—including near-daily outreach once Barr left DOJ on December 23.

  • New details of then-Acting Assistant Attorney General of the Civil Division Jeffrey Clark’s misconduct, including his attempt to induce Rosen into helping Trump’s election subversion scheme by telling Rosen he would decline Trump’s offer to install him in Rosen’s place if Rosen agreed to aid that scheme.

  • New details around Trump forcing the resignation of U.S. Attorney Pak because he believed Pak was not doing enough to support his false claims of election fraud in Georgia—and then went outside the line of succession to appoint Bobby Christine as Acting U.S. Attorney because he believed Christine would “do something” about his election fraud claims.

  • New details of how, at Barr’s direction, DOJ deviated from decades-long practice meant to avoid inserting DOJ itself as an issue in the election—and instead aggressively pursued false claims of election fraud before votes were certified.

  • Confirmation that Mark Meadows asked Rosen to initiate election fraud investigations on multiple occasions, violating longstanding restrictions on White House intervention in DOJ law enforcement matters—and new details about these requests, including that Meadows asked Rosen to meet with Trump’s outside lawyer Rudy Giuliani…”



Tools & Techniques. Worth a look?

https://www.geekwire.com/2021/want-improve-public-speaking-startups-ai-tool-aims-give-silver-tongue/

Want to improve your public speaking? This startup’s AI tool aims to give you a silver tongue

If you’re intimidated by the prospect of giving a speech, going through a job interview or doing a wedding toast, a Seattle startup called Yoodli might have just the thing: an AI-enabled software platform that analyzes your delivery and gives you tips for improvement — in a non-judgmental way.

Today the venture is coming out of stealth mode, opening up the waitlist for early access to their beta product and announcing a $1 million pre-seed funding round from Seattle’s Allen Institute for Artificial Intelligence and Madrona Venture Group.

… Yoodli’s software platform records users as they deliver their presentations, and then points out where they could speak more clearly, cut back on the “ums” and other filler words, and improve their use of eye contact and gestures. Users can also solicit feedback from colleagues and get connected to an expert coach.


Thursday, October 07, 2021

Questions I’d like answered too. Who decides to put hundreds of small businesses at risk?

https://www.cpomagazine.com/cyber-security/fbi-withheld-kaseya-ransomware-decryption-key-for-three-weeks-congress-demands-the-agency-explain-itself/

FBI Withheld Kaseya Ransomware Decryption Key for Three Weeks; Congress Demands the Agency Explain Itself

The Kaseya ransomware attack of July was particularly devastating to small businesses in the United States, with an estimated 800 to 1,500 companies impacted.

In late September, the Washington Post published a story revealing that the FBI had been holding onto the key with the knowledge and agreement of other agencies. The Post cited several anonymous US officials as sources. The FBI and other agencies apparently felt that distributing the key would tip off REvil that their servers had been penetrated, as they worked behind the scenes to identify the players and put them out of business for good.

As it turns out, the secrecy was pointless; REvil abruptly went out of business on their own in mid-July, possibly after becoming aware that government groups were in their servers. However, the FBI held on to the key for about 10 days after the group’s “Happy Blog” and other infrastructure used for receiving ransom payments disappeared from the dark web.


(Related) Definitely worth a read!

https://www.bespacific.com/ransomware-and-federal-law-cybercrime-and-cybersecurity/

Ransomware and Federal Law: Cybercrime and Cybersecurity

CRS Report – Ransomware and Federal Law: Cybercrime and Cybersecurity, October 5, 2021: “Ransomware attacks—the use of malicious software to deny users access to data and information systems to extort ransom payments from victims—are prevalent. A recent notable example is the May 2021 ransomware attack that temporarily shut down the Colonial Pipeline Company’s network, affecting gasoline availability and prices. This attack is but one of many; in 2020 alone, the Federal Bureau of Investigation (FBI) received nearly 2,500 ransomware complaints with losses exceeding $29 million. Federal law provides several potential approaches to combat ransomware attacks. First, federal criminal laws, such as the Computer Fraud and Abuse Act (CFAA), can be used to prosecute those who perpetrate ransomware attacks. These laws and others, such as the statutes criminalizing conspiracy and aiding and abetting, might also be used to prosecute individuals who help to develop ransomware that is ultimately used by others. Victims who pay ransoms might also be subject to criminal or civil penalties in some cases—for example, where a ransom payment is made knowingly to an entity either designated as a foreign terrorist organization or subject to sanctions by the Department of the Treasury. Nevertheless, policy considerations, mitigating factors, and prosecutorial discretion may weigh against enforcement in such instances. Second, federal cybersecurity laws play an important role in both preventing and responding to ransomware attacks. Cyber preparedness laws require federal agencies to secure their networks and authorize the Cybersecurity and Infrastructure Security Agency (CISA) and Office of Personnel Management (OPM) to establish federal network security requirements. Other cyber preparedness laws authorize federal agencies to assist private entities operating in critical infrastructure sectors in securing their systems. Moreover, many data protection laws include requirements for covered entities to safeguard customer or consumer data. If a ransomware attack or other cyber incident occurs, federal law requires CISA and other federal agencies to work together to mitigate harm to federal networks and authorizes them to assist private entities in incident response and damage mitigation…”



Imagine your kid getting this app and backseat driving takes on a whole new meaning…

https://www.bloomberg.com/news/articles/2021-10-07/apple-s-plan-for-cars-using-iphone-to-control-a-c-seats-radio

Apple’s Plan for Cars: Using iPhone to Control A/C, Seats, Radio

Apple Inc., whose CarPlay interface is used by millions of motorists to control music, get directions and make phone calls, is looking to expand its reach within cars.

The company is working on technology that would access functions like the climate-control system, speedometer, radio and seats, according to people with knowledge of the effort. The initiative, known as “IronHeart” internally, is still in its early stages and would require the cooperation of automakers.



How not to issue regulations? TSA strikes (out) again!

https://www.csoonline.com/article/3636408/tsa-to-issue-cybersecurity-requirements-for-us-rail-aviation-sectors.html#tk.rss_all

TSA to issue cybersecurity requirements for US rail, aviation sectors

After issuing cybersecurity requirements for pipeline companies via two directives earlier this year, the Transportation Safety Administration (TSA) will now also issue cybersecurity requirements for rail systems and airport operators.

Although Mayorkas said that TSA is "coordinating and consulting with industry as we develop all of these plans," Jessica Kahanek, director of media relations at the Association of American Railroads (AAR), said in a statement that it "had only three business days to review and provide feedback on the draft security directive."



Pointing to many reports…

https://www.csoonline.com/article/3634869/top-cybersecurity-statistics-trends-and-facts.html#tk.rss_all

Top cybersecurity statistics, trends, and facts

Survey data from the past year paints a picture for what your threat landscape will potentially look like in the coming months



A list worth researching. You never know what you might find!

https://www.llrx.com/2021/09/2021-guide-to-internet-privacy-resources-and-tools/

2021 Guide to Internet Privacy Resources and Tools

Technology has significantly changed our concept of privacy as well as our ability to maintain it. The are a wide spectrum of tools, services and strategies available to assist you in the effort to maintain a sliding scale of privacy in an increasingly porous, insecure online environment. Whether you are browsing the internet, using email or SMS, encrypting data on PCs or mobile phones, looking for the best VPN, or working to secure your online services from cybercrime, hacking or surveillance, this guide identifies a wide range of sources for you to consider. The foundational issue regarding privacy is that you must be proactive, diligent and persistent in evaluating and using multiple applications for email, search, file transfer, and social media. There is no “one size fits all” solution, and your vigilance and willingness to implement solutions are part of an ongoing process.



...and you can’t use my DNA to create a clone.

https://www.insideprivacy.com/health-privacy/newly-effective-florida-law-imposing-criminal-sanctions-adds-to-developing-nationwide-patchwork-of-state-genetic-privacy-laws/

Newly Effective Florida Law Imposing Criminal Sanctions Adds to Developing Nationwide Patchwork of State Genetic Privacy Laws

Last Friday, October 1, the Protecting DNA Privacy Act (HB 833 ), a new genetic privacy law, went into effect in the state of Florida establishing four new crimes related to the unlawful use of another person’s DNA. While the criminal penalties in HB 833 are notable, Florida is not alone in its focus on increased genetic privacy protections. A growing number of states, including Utah, Arizona, and California, have begun developing a net of genetic privacy protections to fill gaps in federal and other state legislation, often focused on the privacy practices of direct-to-consumer (“DTC”) genetic testing companies. While some processing of genetic information is covered by federal law, the existing patchwork of federal genetic privacy protections do not clearly cover all forms of genetic testing, including DTC genetic tests.



Yes, it could happen here. Think of it as “Big Robo-brother.”

https://www.theguardian.com/world/2021/oct/06/dystopian-world-singapore-patrol-robots-stoke-fears-of-surveillance-state

Dystopian world’: Singapore patrol robots stoke fears of surveillance state

Singapore has trialled patrol robots that blast warnings at people engaging in “undesirable social behaviour”, adding to an arsenal of surveillance technology in the tightly controlled city-state that is fuelling privacy concerns.

From vast numbers of CCTV cameras to trials of lampposts kitted out with facial recognition tech, Singapore is seeing an explosion of tools to track its inhabitants.



How to handle really, really big data…

https://www.c4isrnet.com/intel-geoint/2021/10/06/national-geospatial-intelligence-agency-boss-reveals-data-strategy/

National Geospatial-Intelligence Agency boss reveals data strategy

Dozens of commercial providers have created entire constellations of sensors that can feed data to the government, while within the Defense Department, organizations are developing or discussing entirely new constellations of imagery satellites to fulfill the needs of joint war fighters.

The growth in GEOINT data from government and commercial sources here and around the world is staggering. This exponential growth in data leads us to one of our biggest challenges: managing all of the data,” Vice Adm. David Sharp, director of NGA, said Wednesday at the 2021 GEOINT Symposium in St. Louis, Missouri.

Sharp outlined the four major focus areas guiding its data investments:

  • First, we have to have data that can be intuitively discovered, easily accessed and responsibly shared with those who need it.”

  • Second, we have to improve data assets so that they can be easily reused for both anticipated and unanticipated purposes.”

  • Third, our customers and workforce have to be able to efficiently find data across different security domains.”

  • And lastly, we need artificial intelligence and machine learning to enhance our production capacity.”

… NGA Data Strategy 2021 PDF https://www.nga.mil/assets/files/RCD_U_2021-00986_210205-006_NGA_Data_Strategy_Digital__APPROVED_21-873_093021_v6.pdf



Thoughtful.

https://sloanreview.mit.edu/article/building-an-organizational-approach-to-responsible-ai/

Building an Organizational Approach to Responsible AI

AI differs from many other tools of digital transformation and raises different concerns because it is the only technology that learns and changes its outcomes as a result. Accordingly, AI can make graver mistakes more quickly than a human could. Despite the amplified risk of its speed and scale, AI can also be tremendously valuable in business. PwC estimates that AI could contribute up to $15.7 trillion to the global economy in 2030.



Not entirely straight forward.

https://www.newscientist.com/article/mg25133550-800-supersized-ais-are-truly-intelligent-machines-just-a-matter-of-scale/

Supersized AIs: Are truly intelligent machines just a matter of scale?

WHEN the artificial intelligence GPT-3 was released last year, it gave a good impression of having mastered human language, generating fluent streams of text on command. As the world gawped, seasoned observers pointed out its many mistakes and simplistic architecture. It is just a mindless machine, they insisted. Except that there are reasons to believe that AIs like GPT-3 may soon develop human-level language abilities, reasoning, and other hallmarks of what we think of as intelligence.

The success of GPT-3 has been put down to one thing: it was bigger than any AI of its type, meaning, roughly speaking, that it boasted many more artificial neurons. No one had expected that this shift in scale would make such a difference. But as AIs grow ever larger, they are not only proving themselves the match of humans at all manner of tasks, they are also demonstrating the ability to take on challenges they have never seen.

As a result, some in the field are beginning to think the inexorable drive to greater scales will lead to AIs with abilities comparable with those of humans. Samuel Bowman at New York University is among them. “Scaling up current methods significantly, especially after a decade or two of compute improvements, seems likely to make human-level language behaviour easy to attain,” he says.